- ARCHITECTURE: the kernel section now carries the real Rust-vs-C numbers — 22 Rust modules / 29,269 Rust LOC at ring 0 / 492 lines of hand-written C (nine FFI shims; the rest kbuild-generated). char-device/ioctl ABI, Ed25519 module signing, Linux 6.19, QEMU-boot-validated.
- GRIMOIRE "by the numbers": 113 labs (was 108), 13 plugins (was 8), 84-module / ~105K-LOC gamification engine (was ~110/~53K), 7 playable factions, live systems (XP curve, perk synergies, morality consequences, faction wars).
- README: ChurchOfMalware creed updated to the current faction liturgy — "code is scripture · exploitation is sermon · INFECTION is salvation".

All measured from the live tree; boundary-clean (no sealed-symbol usage).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
162 lines
9.5 KiB
Markdown
<div align="center">

<img src="./assets/phoenix.png" alt="Syn_OS — the synaptic operating system" width="280" />

# Syn_OS

### v80.0.0 — "Sunlance" (1.0 GA)

*An AI-native cybersecurity operating system, built almost entirely in Rust, designed for those who treat security as craft.*

</div>

---
## the gap

Syn_OS — the **Synaptic Operating System** — takes its name from the *synaptic gap*: the space between neurons where electrical signal becomes meaning. The underscore is deliberate. It points at the moment translation happens — between hardware and intent, between tool and operator, between threat and response.

Syn_OS is built on a different premise than the security-distro lineage that came before: **the operating system itself can carry intelligence.** Not as a chatbot bolted onto the desktop. As a substrate. A kernel that reasons. A daemon that learns the shape of your work. A training environment where every challenge teaches the muscle for the next one.

---
## what's in v80

v80.0.0 "Sunlance" is the **1.0 GA release** — the milestone that closes a sustained, multi-year build.

- **Custom Linux 6.19 kernel** with `CONFIG_RUST=y` and a **capability-gated kernel interface** that lets userspace query AI/observability state — decision telemetry, namespace trust, audit and incident signals, mitigation posture — through signed, memory-safe Rust kernel modules. Access is root-only and capability-gated.
- **209-crate Rust workspace.** Zero compile errors. Memory safety where memory safety matters.
- **ALFRED v6.0** — the AI daemon. Neuroanatomically-modeled brain. Local inference via Ollama and ONNX. No cloud in the critical path.
- **GRIMOIRE 1.0** — the gamified cybersecurity training platform. **108 hand-authored labs across 13 categories.** Faction system. XP economy. Boss contracts. Branching narrative quests. Maps to **11 professional certification paths.** Read more in [GRIMOIRE.md](./GRIMOIRE.md).
- **synos-bevy** — Bevy 0.14 game engine, 8 plugins, ~7,000+ lines of immersive desktop experience.
- **Arcanum Hive** — peer-to-peer encrypted mesh + Kubernetes operator. Sovereign coordination across distributed hardware. **The mesh is built for salvaged silicon** — old laptops and retired workstations pulled out of e-waste and back into the compute pool ([the philosophy →](./MESH.md)).
- **Post-quantum cryptography by default** — hybrid ML-KEM / ML-DSA across the system's transport and signing paths, with SLH-DSA in the trust toolkit.
- **41-stage self-healing build pipeline** producing three signed ISOs from a single source tree.
- **1,600+ tests, 100% pass rate**, 35% tarpaulin coverage floor.
- **MkDocs Material documentation** site, version-aware, checked against the source.

---
## by the numbers

The shape of a multi-year build, in figures:

| | |
|---|---|
| **209** | Rust crates in one workspace — **zero** compile errors |
| **80** | major version releases (v0 → v80 "Sunlance" 1.0 GA) |
| **108** | hand-authored GRIMOIRE labs across **13** categories |
| **11** | professional certification paths the labs map to |
| **1,600+** | tests · **100%** pass rate · 35% coverage floor |
| **8** | signed, capability-gated Rust kernel modules (`/dev/synos_*`) |
| **41** | self-healing build-pipeline stages → signed ISOs |
| **6.19** | custom Linux kernel, `CONFIG_RUST=y` |
| **0** | backdoors · cloud deps in the critical path · telemetry without consent |

*Almost entirely Rust. Post-quantum by default. No cloud in the critical path. Built on reclaimed silicon.*

---
## the road to 1.0, in one breath

Syn_OS reached 1.0 GA the way the rest of it was built — by compounding. **Twenty consecutive releases (v61 → v80)** carried the platform from the v60 line to the "Sunlance" general-availability milestone:

- The kernel's AI/observability interface was **re-architected and hardened** — signed modules, capability gates, root-only device access.
- **Post-quantum cryptography became the default**, not an option, across the system's transport and signing surfaces.
- The **GRIMOIRE catalog matured to 1.0** — 108 labs across 13 categories.
- **ALFRED consolidated into v6.0**, with a privacy-first, local-only posture and stronger guardrails around autonomous behavior.
- Supply-chain trust deepened — signed modules enforced, content-pinned packages, build-from-source attestation.

The deeper mechanics of these subsystems live with the source. The shape above is the public picture.

---
## the three-image strategy

Syn_OS is built once and ships in three signed ISOs.

| Image | Audience | What it carries |
|---|---|---|
| **Operator (Master)** | The team that builds Syn_OS. Internal. | The full surface. Not distributed publicly. |
| **GRIMOIRE Public** | Students, cohorts, self-taught practitioners. | The 108-lab training platform, gated tooling, mixed Apache 2.0 + GRIMOIRE-Public license. |
| **Goodlife** | AI researchers, post-quantum experimenters, civilian work. | Jupyter + 10-package research stack, ALFRED `research-mode`, LUKS-encrypted research data. |
| **⛧ ChurchOfMalware** | The congregation — offensive-security students & CTF players. | GRIMOIRE-tier, slim, cyberpunk. Member-edition perks baked in: faction, starting loadout, exclusive labs. *(in build — see below)* |

The boundaries between images are mechanically enforced — not honor-system. What ships, ships clean.

---
## what we promise

- **The mesh is the product.** Local AI on hardware you physically own. Old silicon reclaimed from landfills, not new GPUs auto-billed monthly. ([the e-waste philosophy →](./MESH.md))
- **No cloud in the critical path.** ALFRED runs on your machine. Inference happens locally. The system does not require a network connection to be useful.
- **No telemetry without consent.** The default state is silent. Anything that crosses the boundary of the box, you approve.
- **Memory-safe by default.** The Rust ratchet (v56) is a one-way commitment — kernel hot paths and userspace foundations move toward Rust, never away.
- **Post-quantum-ready.** Cryptography in the system is being built for the cryptographic transition that's underway, not the one that ended.
- **Reproducible builds.** SLSA-3 reproducible build pipeline. SBOM (CycloneDX) per ISO. Dual-witness signature support across mesh nodes.
- **Sigstore-signed releases.** Cosign-signed ISOs with Rekor transparency log entries. Verifiable provenance from build oracle to your USB stick.
- **Sovereignty as a design property.** You own your infrastructure, your intelligence, your future. Mechanically. Cryptographically. Architecturally.
- **No backdoors. Ever.** The codebase is the codebase.

---
## what's coming

Public release plans (the ISOs that aren't yet distributed publicly):

- **GRIMOIRE Public ISO** — the gamified training platform, signed, downloadable, with first-boot wizard, faction selection, lab progression. Target: imminent.
- **Goodlife ISO** — the AI research variant. Target: imminent.
- **⛧ ChurchOfMalware Edition** — a community variant built *with* the [Church of Malware](https://churchofmalware.org) offensive-security org. A dedicated, slim, cyberpunk-themed image distributed through the Church's own forge, where members get a **personalized edition**: auto-enrollment into the ChurchOfMalware GRIMOIRE faction, a baked-in starting loadout, an XP head-start, and member-exclusive labs forged from the community's own craft — mesh C2, RF/wireless, anti-scam ops, OSINT. *The plague doctor boots in green-on-black: code is scripture · exploitation is sermon · INFECTION is salvation.* The faction, perk engine, induction ceremony, quest chain, and boot ritual are **already built**; the ISO is **in active build now.** Target: imminent.
- **Cohort programs** — multi-tenant GRIMOIRE deployments for classes, clubs, security teams.
- **Public Sigstore + Rekor** — signed releases verifiable against the public transparency log.
- **Hive expansion** — public Ansible playbook for self-hosting the 8-node Arcanum Hive.

The Operator image remains internal. That isn't a deferral. That's the design.

---
## why "Syn_OS"

Three readings, all true:

1. **The synaptic gap.** Where signal becomes meaning. Where the operating system *is* the cleft between hardware and consciousness.
2. **Synthesis.** Hardware + AI + game + mesh, fused into one platform.
3. **Sin / sanity.** A name with weight. A platform with stakes.

> *"Own your infrastructure. Own your intelligence. Own your future."*

---
## who's behind it

Built by a small team out of **LumOs Solutions**, led by Ty Limoges in pursuit of one question:

**What if security wasn't a checklist — what if it was a way of seeing?**

The work has been sustained over multiple years, across more than sixty named version releases, with a quality bar held high enough that the project's own quality gates (cargo deny clean, 100% test pass, supply-chain provenance, binary boundary enforcement) refuse the build when they aren't met.

---
## stay close

The project is moving fast. The public ISOs are close. Watch this repository — when the chapters change, the documents change with them.

The doors open as the work matures.

---
<div align="center">

<img src="./assets/phoenix-white.png" alt="" width="120" />

### *the gap is where the meaning lives.*

— LumOs Solutions —

</div>